rpms/selinux-policy/devel policy-20051208.patch, 1.34, 1.35 selinux-policy.spec, 1.70, 1.71
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jan 3 17:21:13 UTC 2006
- Previous message (by thread): rpms/gtksourceview/devel .cvsignore, 1.15, 1.16 gtksourceview.spec, 1.21, 1.22 sources, 1.14, 1.15
- Next message (by thread): rpms/openoffice.org/devel openoffice.org-2.0.1-ooo59997.sw.defaultbullets.patch, NONE, 1.1 openoffice.org-1.9.129.ooo54603.fontconfig.patch, 1.3, 1.4 openoffice.org.spec, 1.600, 1.601
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv620
Modified Files:
policy-20051208.patch selinux-policy.spec
Log Message:
* Tue Jan 3 2006 Dan Walsh <dwalsh at redhat.com> 2.1.6-23
- Allow load_policy to read /etc/mtab
policy-20051208.patch:
Makefile | 2
Rules.modular | 10
config/appconfig-strict-mcs/default_type | 6
config/appconfig-strict-mls/default_type | 7
config/appconfig-strict-mls/initrc_context | 2
config/appconfig-targeted-mcs/default_type | 2
config/appconfig-targeted-mls/default_type | 2
config/appconfig-targeted-mls/initrc_context | 2
man/man8/ftpd_selinux.8 | 56 ++++
man/man8/httpd_selinux.8 | 123 ++++++++
man/man8/kerberos_selinux.8 | 31 ++
man/man8/named_selinux.8 | 29 ++
man/man8/nfs_selinux.8 | 30 ++
man/man8/nis_selinux.8 | 1
man/man8/rsync_selinux.8 | 41 ++
man/man8/samba_selinux.8 | 60 ++++
man/man8/ypbind_selinux.8 | 19 +
policy/global_tunables | 3
policy/mcs | 321 ++++-------------------
policy/mls | 371 +++++----------------------
policy/modules/admin/amanda.te | 4
policy/modules/admin/kudzu.te | 9
policy/modules/admin/logrotate.te | 4
policy/modules/admin/rpm.fc | 1
policy/modules/admin/rpm.te | 19 -
policy/modules/admin/tmpreaper.te | 3
policy/modules/admin/usermanage.te | 15 -
policy/modules/apps/java.fc | 4
policy/modules/apps/java.if | 23 +
policy/modules/apps/java.te | 25 +
policy/modules/apps/webalizer.te | 1
policy/modules/kernel/corecommands.te | 6
policy/modules/kernel/corenetwork.te.in | 12
policy/modules/kernel/devices.fc | 9
policy/modules/kernel/domain.if | 1
policy/modules/kernel/domain.te | 4
policy/modules/kernel/files.fc | 27 +
policy/modules/kernel/files.if | 17 +
policy/modules/kernel/kernel.if | 3
policy/modules/kernel/kernel.te | 30 +-
policy/modules/kernel/mls.te | 9
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 46 +--
policy/modules/services/apache.te | 9
policy/modules/services/apm.te | 1
policy/modules/services/automount.te | 9
policy/modules/services/bind.if | 19 +
policy/modules/services/bluetooth.te | 1
policy/modules/services/cron.te | 3
policy/modules/services/cups.te | 7
policy/modules/services/cvs.fc | 2
policy/modules/services/cvs.te | 6
policy/modules/services/dbus.te | 1
policy/modules/services/dovecot.te | 2
policy/modules/services/hal.te | 4
policy/modules/services/ldap.te | 4
policy/modules/services/locate.fc | 4
policy/modules/services/locate.if | 1
policy/modules/services/locate.te | 50 +++
policy/modules/services/logwatch.fc | 3
policy/modules/services/logwatch.if | 1
policy/modules/services/logwatch.te | 103 +++++++
policy/modules/services/mta.te | 13
policy/modules/services/ppp.te | 4
policy/modules/services/prelink.fc | 7
policy/modules/services/prelink.if | 39 ++
policy/modules/services/prelink.te | 64 ++++
policy/modules/services/remotelogin.te | 1
policy/modules/services/samba.if | 1
policy/modules/services/sasl.te | 8
policy/modules/services/sendmail.te | 36 --
policy/modules/services/ssh.te | 10
policy/modules/services/xdm.te | 4
policy/modules/system/authlogin.if | 12
policy/modules/system/authlogin.te | 1
policy/modules/system/getty.te | 3
policy/modules/system/hostname.if | 15 +
policy/modules/system/hostname.te | 37 --
policy/modules/system/init.if | 14 +
policy/modules/system/init.te | 22 +
policy/modules/system/iptables.te | 2
policy/modules/system/libraries.fc | 8
policy/modules/system/libraries.te | 4
policy/modules/system/locallogin.te | 2
policy/modules/system/logging.fc | 7
policy/modules/system/logging.if | 21 +
policy/modules/system/logging.te | 5
policy/modules/system/lvm.te | 2
policy/modules/system/mount.te | 2
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.te | 11
policy/modules/system/udev.fc | 1
policy/modules/system/udev.te | 4
policy/modules/system/unconfined.fc | 2
policy/modules/system/unconfined.te | 9
policy/modules/system/userdomain.fc | 2
policy/modules/system/userdomain.if | 27 +
policy/modules/system/userdomain.te | 16 +
policy/users | 8
99 files changed, 1329 insertions(+), 723 deletions(-)
Index: policy-20051208.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20051208.patch,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- policy-20051208.patch 2 Jan 2006 19:56:17 -0000 1.34
+++ policy-20051208.patch 3 Jan 2006 17:21:11 -0000 1.35
@@ -3203,8 +3203,16 @@
# /root
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.1.6/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2005-12-09 23:35:08.000000000 -0500
-+++ serefpolicy-2.1.6/policy/modules/system/selinuxutil.te 2006-01-02 12:24:12.000000000 -0500
-@@ -198,7 +198,6 @@
++++ serefpolicy-2.1.6/policy/modules/system/selinuxutil.te 2006-01-03 12:20:18.000000000 -0500
+@@ -182,6 +182,7 @@
+
+ # for mcs.conf
+ files_read_etc_files(load_policy_t)
++files_read_etc_runtime_files(load_policy_t)
+
+ libs_use_ld_so(load_policy_t)
+ libs_use_shared_libs(load_policy_t)
+@@ -198,7 +199,6 @@
# cjp: temporary hack to cover
# up stray file descriptors.
dontaudit load_policy_t selinux_config_t:file write;
@@ -3212,7 +3220,7 @@
########################################
#
-@@ -217,7 +216,8 @@
+@@ -217,7 +217,8 @@
allow newrole_t self:msg { send receive };
allow newrole_t self:unix_dgram_socket sendto;
allow newrole_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -3222,7 +3230,7 @@
allow newrole_t { selinux_config_t default_context_t }:dir r_dir_perms;
allow newrole_t { selinux_config_t default_context_t }:file r_file_perms;
-@@ -377,6 +377,10 @@
+@@ -377,6 +378,10 @@
udev_dontaudit_rw_unix_dgram_socket(restorecon_t)
')
@@ -3233,7 +3241,7 @@
optional_policy(`hotplug',`
hotplug_use_fd(restorecon_t)
')
-@@ -407,8 +411,10 @@
+@@ -407,8 +412,10 @@
ifdef(`targeted_policy',`',`
allow run_init_t self:process setexec;
allow run_init_t self:capability setuid;
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -r1.70 -r1.71
--- selinux-policy.spec 2 Jan 2006 19:56:17 -0000 1.70
+++ selinux-policy.spec 3 Jan 2006 17:21:11 -0000 1.71
@@ -7,7 +7,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.1.6
-Release: 22
+Release: 23
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -258,6 +258,9 @@
%endif
%changelog
+* Tue Jan 3 2006 Dan Walsh <dwalsh at redhat.com> 2.1.6-23
+- Allow load_policy to read /etc/mtab
+
* Mon Jan 2 2006 Dan Walsh <dwalsh at redhat.com> 2.1.6-22
- Fix dovecot to allow dovecot_auth to look at /tmp
- Previous message (by thread): rpms/gtksourceview/devel .cvsignore, 1.15, 1.16 gtksourceview.spec, 1.21, 1.22 sources, 1.14, 1.15
- Next message (by thread): rpms/openoffice.org/devel openoffice.org-2.0.1-ooo59997.sw.defaultbullets.patch, NONE, 1.1 openoffice.org-1.9.129.ooo54603.fontconfig.patch, 1.3, 1.4 openoffice.org.spec, 1.600, 1.601
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list